What we protect
All data is encrypted in transit (via TLS v1.3) and at rest (via AES-256) through AWS KMS. On top of that baseline, the most sensitive data gets one of two additional protections:

| Protection | Applies to | What it adds |
|---|---|---|
| Field-level encryption | SSN, EIN, bank account numbers | Each field is encrypted with externally-held keys. Plaintext is never readable from Natural’s database or systems. |
| Tokenization | Card data | Never stored on Natural’s systems at all. A PCI Level 1 vendor holds the card data and returns an opaque token. |

Related
- Compliance — Identity verification and the data we collect
- Parties — Identity types that require verification